|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_EAP_TYPE_TLS_PEAP_H_) |
|
22 #define _EAP_TYPE_TLS_PEAP_H_ |
|
23 |
|
24 #include "eap_tools.h" |
|
25 #include "eap_am_export.h" |
|
26 #include "abs_eap_am_type_tls_peap.h" |
|
27 #include "eap_am_network_id.h" |
|
28 #include "abs_eap_base_type.h" |
|
29 #include "eap_base_type.h" |
|
30 #include "eap_variable_data.h" |
|
31 #include "abs_eap_base_timer.h" |
|
32 #include "eap_crypto_api.h" |
|
33 #include "eap_protocol_layer.h" |
|
34 #include "eap_type_tls_peap_types.h" |
|
35 #include "abs_tls_base_record.h" |
|
36 #include "tls_record_header.h" |
|
37 #include "eap_master_session_key.h" |
|
38 |
|
// Forward declarations. These types are only used by pointer in this header
// (member pointers and parameters below), so their definitions are not needed here.
class eap_tls_peap_header_c;
class abs_eap_am_tools_c;
class abs_eap_base_type_c;
class eap_am_type_tls_peap_c;
class tls_base_record_c;
|
44 |
|
45 //-------------------------------------------------- |
|
46 |
|
47 |
|
/// This class is the implementation of the TLS/PEAP EAP type. One instance serves
/// EAP-TLS, PEAP and TTLS (selected by m_current_eap_type). It owns the EAP-level
/// state machine of one authentication session, the fragmentation and reassembly
/// of TLS messages carried over EAP (m_tls_message_buffer), and the link to the
/// TLS record layer (tls_base_record_c), which calls back into this class through
/// the abs_tls_base_record_c interface.
/// See the more detailed design and architecture document
/// <a href="../../type/tls_peap/documentation/EAP_TLS_PEAP.doc">EAP_TLS_PEAP.doc</a>.
class EAP_EXPORT eap_type_tls_peap_c
: public abs_eap_base_timer_c
, public eap_base_type_c
, public abs_eap_am_type_tls_peap_c
, public abs_tls_base_record_c
{
private:
    //--------------------------------------------------

    /// This is pointer to the tools class.
    abs_eap_am_tools_c * const m_am_tools;

    /// This is pointer to adaptation module of TLS/PEAP EAP type.
    /// Presumably deleted by the destructor only when m_free_am_type_tls_peap is true; confirm in the .cpp.
    eap_am_type_tls_peap_c * m_am_type_tls_peap;

    /// This is pointer to TLS implementation.
    /// Presumably deleted by the destructor only when m_free_tls_record is true; confirm in the .cpp.
    tls_base_record_c * m_tls_record;

    /// This is the realm part of NAI of the authenticator.
    /// Client uses this as a realm part on the NAI.
    eap_variable_data_c m_nai_realm;

    /// This is the full NAI of the client.
    eap_variable_data_c m_NAI;

    /// This is the identity used in EAP-Identity.
    eap_variable_data_c m_current_identity;

    /// This is network identity of the sent packet from this authentication session.
    eap_am_network_id_c m_send_network_id;

    /// This is offset in bytes of the EAP-type header in the packet buffer.
    /// Offset is described in abs_eap_base_type_c::get_header_offset().
    u32_t m_tls_peap_header_offset;

    /// This is maximum transfer unit in bytes.
    /// MTU is described in abs_eap_base_type_c::get_header_offset().
    u32_t m_MTU;

    /// This is length of the trailer in bytes.
    /// Trailer length is described in abs_eap_base_type_c::get_header_offset().
    u32_t m_trailer_length;

    /// This is the state of this authentication session.
    eap_type_tls_peap_state_variable_e m_state;

    /// This is the saved previous state of this authentication session.
    /// See save_current_state() and restore_saved_previous_state().
    eap_type_tls_peap_state_variable_e m_saved_previous_state;

    /// This is the state of reassembly.
    eap_type_tls_peap_reassembly_state_e m_reassembly_state;

    /// This is the saved previous state of reassembly.
    /// See save_current_reassembly_state() and restore_saved_reassembly_state().
    eap_type_tls_peap_reassembly_state_e m_saved_previous_reassembly_state;

    /// This is the offset of the next fragment to be sent from m_tls_message_buffer.
    u32_t m_tls_message_send_offset;

    /// This is the buffer for TLS-message reassembly and fragmentation.
    eap_variable_data_c m_tls_message_buffer;

    /// This is the master session key derived from the TLS session.
    /// See get_master_session_key() and set_tls_master_secret().
    eap_master_session_key_c m_master_session_key;

    /// This is u32_t array of accepted PEAP versions.
    eap_variable_data_c m_accepted_PEAP_versions;

    /// This is the current EAP-type (TLS, PEAP or TTLS).
    const eap_type_value_e m_current_eap_type;

    /// This separates different PEAP versions.
    /// This is the configured default PEAP version.
    peap_version_e m_configured_peap_version;

    /// This separates different PEAP versions.
    /// This is the current active PEAP version.
    peap_version_e m_current_peap_version;

    /// Presumably the EAP-Identifier of the first fragment of the TLS message
    /// currently being reassembled; confirm in the .cpp.
    u8_t m_first_fragment_eap_identifier;

    /// This is the type of the TLS session.
    /// See set_tls_session_type() and get_tls_session_type().
    tls_session_type_e m_tls_session_type;

    /// Presumably true while an EAP type tunneled inside PEAP/TTLS is active; confirm in the .cpp.
    bool m_tunneled_eap_type_active;

    /// Authentication state of the tunneled EAP type.
    eap_state_variable_e m_tunneled_eap_type_authentication_state;


    /// Set from the constructor's free_am_type_tls_peap argument.
    /// Presumably selects whether the destructor deletes m_am_type_tls_peap; confirm in the .cpp.
    bool m_free_am_type_tls_peap;

    /// Set from the constructor's free_tls_record argument.
    /// Presumably selects whether the destructor deletes m_tls_record; confirm in the .cpp.
    bool m_free_tls_record;

    /// This indicates whether this object was generated successfully.
    bool m_is_valid;

    /// This indicates whether this object is client (true) or server (false).
    /// In terms of EAP-protocol whether this network entity is EAP-supplicant (true) or EAP-authenticator (false).
    bool m_is_client;

    /// True value of this flag indicates the EAP-Success packet must be received
    /// in successful authentication of client.
    /// This value is configured with EAP_TLS_PEAP_wait_eap_success_packet.
    bool m_wait_eap_success_packet;

    /// True value of this flag indicates the identifier of the EAP-Response/Identity must be checked.
    /// This is not possible in cases where the identifier of the EAP-Request/Identity is generated by other network entities.
    /// When false, the request/response identifier match is skipped for the EAP-Response/Identity.
    bool m_check_identifier_of_eap_identity_response;


    /// True value means this is a test version of TLS/PEAP.
    bool m_tls_peap_test_version;

    /// This flag forces check of NAI realm. Realm must be the same as given in EAP_TLS_PEAP_manual_realm configuration option.
    /// Default value is false, check is not done by default.
    bool m_check_nai_realm;

#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
    /// Flag causes TLS to use identity privacy.
    bool m_tls_use_identity_privacy;
#endif //#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)


    /// This flag indicates whether the EAP-Failure was received.
    /// On successful authentication a bogus EAP-Failure is ignored.
    bool m_failure_message_received;

    /// This variable is set true when authentication finished successfully.
    bool m_authentication_finished_successfully;

    /// This variable stores the last used EAP-Identifier.
    /// Client will always send EAP-Response with this identifier.
    /// Server will always send EAP-Request with this identifier increased by one.
    /// Server increases this identifier after a successful packet send.
    u8_t m_last_eap_identifier;

    /// This flag is set true when shutdown is called.
    /// This is for internal sanity check.
    bool m_shutdown_was_called;

    /// This configurable option selects whether the TLS/PEAP version of Tppd
    /// is used: the length field is added to all message fragments
    /// even when the message fits in one fragment, except EAP-TLS-start, EAP-TLS-Acknowledge and
    /// PEAP-application data. The client acknowledges the tunneled EAP-Success message
    /// with an empty PEAP message.
    bool m_use_tppd_tls_peap;

    /// On fast session resume the server does not send tunneled EAP-Success.
    /// Instead it sends plain EAP-Success.
    /// True value of this flag allows this plain EAP-Success.
    /// Note: a plain EAP-Success is not carried inside the TLS tunnel, so enabling this
    /// relaxes the protected result indication; keep it disabled unless such a server must be supported.
    bool m_use_tppd_peapv1_acknowledge_hack;

    /// This flag tells the send message includes TLS-Handshake message.
    /// Note the received messages are not marked.
    /// This information is needed in some PEAP versions.
    /// All messages including TLS-Handshake message must have PEAP L bit and four octet TLS message length field.
    bool m_includes_tls_handshake_message;

    /// Presumably selects the EAP expanded type encoding for this EAP type; confirm in the .cpp.
    bool m_use_eap_expanded_type;

    //--------------------------------------------------

    /**
     * This function selects the PEAP version to use from the version proposed by the peer.
     * Presumably the proposal is checked against m_accepted_PEAP_versions and the result
     * stored in m_current_peap_version; confirm in the .cpp.
     */
    EAP_FUNC_IMPORT eap_status_e select_peap_version(const u32_t proposed_peap_version);

    /**
     * This function generates a new NAI from domain and identity.
     */
    EAP_FUNC_IMPORT eap_status_e generate_nai(
        eap_variable_data_c * const new_nai, ///< This is the new generated NAI.
        const eap_variable_data_c * const domain, ///< This is the domain part of the NAI.
        const eap_variable_data_c * const identity ///< This is identity.
        );

    /**
     * This function handles the received TLS/PEAP EAP packet.
     * The packet comes from the network, so tls_peap_length is the bound for all parsing.
     *
     * First it is checked that a valid message is received in a valid state.
     *
     * Second the payloads are parsed and the syntax of the received TLS/PEAP EAP packet is checked.
     * See also parse_tls_peap_packet().
     *
     * Third the TLS/PEAP EAP packet is analysed. This includes the payload and values of each payload.
     * See also analyse_tls_peap_packet().
     */
    EAP_FUNC_IMPORT eap_status_e handle_tls_peap_packet(
        const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
        eap_tls_peap_header_c * const tls_peap, ///< This is pointer to EAP header including EAP-TLS/PEAP fields.
        const u32_t tls_peap_length ///< This is length of received TLS/PEAP EAP packet.
        );

    /**
     * This function analyses the received TLS/PEAP EAP packet.
     * Each sub-type is handled in separate function.
     * @see Client messages are handled in handle_start_request_message() and handle_challenge_request_message().
     * @see Server messages are handled in handle_start_response_message() and handle_challenge_response_message().
     * (Those handlers are not declared in this header; confirm their names in the .cpp.)
     */
    EAP_FUNC_IMPORT eap_status_e analyse_tls_peap_packet(
        const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
        eap_tls_peap_header_c * const received_tls_peap, ///< This is pointer to EAP header including EAP-TLS/PEAP fields.
        const u32_t tls_peap_packet_length ///< This is length of received TLS/PEAP EAP packet.
        );

    /**
     * This function parses the payloads starting from specified payload (p_payload).
     * Function parses all payloads from the buffer.
     * Payloads are stored to p_tls_peap_payloads (not a member of this class; confirm where it lives).
     * @return If the length of the buffer and sum of the length of all payloads does not match
     * function returns eap_status_header_corrupted.
     * Also error is returned when illegal payload attribute is recognised.
     */
    EAP_FUNC_IMPORT eap_status_e parse_tls_peap_payload(
        u32_t * const buffer_length ///< This is the length of the buffer. This must match with the length of all payloads.
        );

    /**
     * This function checks that the version list payload of the TLS/PEAP EAP packet is correct.
     * version_list is received data; version_list_length is the only bound available to the check.
     */
    EAP_FUNC_IMPORT eap_status_e check_version_list(
        const u16_t version_list_length,
        u8_t * version_list);

    /**
     * This function parses all payloads of the whole TLS/PEAP EAP packet.
     * Payloads are stored to p_tls_peap_payloads (not a member of this class; confirm where it lives).
     * @see parse_tls_peap_payload().
     */
    EAP_FUNC_IMPORT eap_status_e parse_tls_peap_packet(
        eap_tls_peap_header_c * const tls_peap, ///< This is pointer to EAP header including EAP-TLS/PEAP fields.
        const u32_t tls_peap_packet_length ///< This is length of received TLS/PEAP EAP packet.
        );

    //--------------------------------------------------

    /**
     * This function returns the domain name, realm part of NAI.
     */
    EAP_FUNC_IMPORT eap_variable_data_c * get_nai_realm();

    /**
     * This function returns the full NAI.
     */
    EAP_FUNC_IMPORT eap_variable_data_c * get_NAI();

    /**
     * This is the situation before the update_buffer_indexes() call.
     * @code
     *
     * |<---------buffer_offset-------->|<----------buffer_free----------------->|
     * |                                |                                        |
     * |          +-----+---------------+--------------------+                   |
     * |          | EAP | data          | new payload        |                   |
     * |          +-----+---------------+--------------------+                   |
     * |          |                                                              |
     * |<-offset->|<----MTU----------------------------------------------------->|<-trailer->|
     * |                                                                                     |
     * |<-----------------------maximum_buffer_size----------------------------------------->|
     *
     * @endcode
     *
     * This is the situation after the update_buffer_indexes() call.
     * @code
     *
     * |<-----------------buffer_offset--------------------->|<---buffer_free--->|
     * |                                                     |                   |
     * |          +-----+---------------+--------------------+                   |
     * |          | EAP | data          | new payload        |                   |
     * |          +-----+---------------+--------------------+                   |
     * |          |                                                              |
     * |<-offset->|<----MTU----------------------------------------------------->|<-trailer->|
     * |                                                                                     |
     * |<-----------------------maximum_buffer_size----------------------------------------->|
     *
     * @endcode
     *
     * Note maximum_buffer_size could be larger than (m_tls_peap_header_offset + m_MTU + m_trailer_length).
     */
    EAP_FUNC_IMPORT void update_buffer_indexes(
        const u32_t maximum_buffer_size,
        const u32_t payload_size,
        u32_t * const buffer_offset,
        u32_t * const buffer_free);

    /**
     * This is the situation before the update_payload_indexes() call.
     * @code
     *
     * |<---------buffer_offset-------->|<----------buffer_free----------------->|
     * |                                |                                        |
     * |                |<-data_offset->|<--------data_free--------------------->|
     * |                |               |                                        |
     * |                |               |<---payload_size--->|                   |
     * |                |               |                    |                   |
     * |          +-----+---------------+--------------------+                   |
     * |          | EAP | data          | new payload        |                   |
     * |          +-----+---------------+--------------------+                   |
     * |          |                                                              |
     * |<-offset->|<----MTU----------------------------------------------------->|<-trailer->|
     * |                                                                                     |
     * |<-----------------------maximum_buffer_size----------------------------------------->|
     *
     * @endcode
     *
     * This is the situation after the update_payload_indexes() call.
     * @code
     *
     * |<-----------------buffer_offset--------------------->|<---buffer_free--->|
     * |                                                     |                   |
     * |                |<----------data_offset------------->|<----data_free---->|
     * |                |                                    |                   |
     * |                |               |<---payload_size--->|                   |
     * |                |               |                    |                   |
     * |          +-----+---------------+--------------------+                   |
     * |          | EAP | data          | new payload        |                   |
     * |          +-----+---------------+--------------------+                   |
     * |          |                                                              |
     * |<-offset->|<----MTU----------------------------------------------------->|<-trailer->|
     * |                                                                                     |
     * |<-----------------------maximum_buffer_size----------------------------------------->|
     *
     * @endcode
     *
     * Note maximum_buffer_size could be larger than (m_tls_peap_header_offset + m_MTU + m_trailer_length).
     */
    EAP_FUNC_IMPORT void update_payload_indexes(
        const u32_t maximum_buffer_size,
        const u32_t eap_header_size,
        const u32_t payload_size,
        u32_t * const data_offset,
        u32_t * const data_free,
        u32_t * const buffer_offset,
        u32_t * const buffer_free);

    /**
     * This function reads the identity payload of a received EAP-Identity.
     * The original comment says the identity is stored to handler->get_identity();
     * there is no such handler in this class, so confirm the destination in the .cpp.
     */
    EAP_FUNC_IMPORT eap_status_e parse_identity(
        const u8_t * const identity, ///< This is pointer to received EAP-Identity buffer.
        const u32_t identity_length ///< This is length of received EAP-Identity buffer.
        );

    /**
     * This function handles the received EAP-Response/Identity message.
     * First the function parses the identity (see parse_identity()).
     * The original comment then referred to the EAP-SIM start request; for this type the
     * next step is presumably send_tls_peap_start_message() — confirm in the .cpp.
     */
    EAP_FUNC_IMPORT eap_status_e handle_identity_response_message(
        eap_header_rd_c * const eap_header, ///< This is the received EAP-Identity packet, pointer points to the header.
        const u32_t tls_peap_packet_length ///< This is length of received TLS/PEAP EAP packet.
        );

    /**
     * This function checks the NAI. at_character points at the '@' separating
     * username and realm inside identity; presumably the realm check controlled by
     * m_check_nai_realm happens here — confirm in the .cpp.
     */
    EAP_FUNC_IMPORT eap_status_e check_NAI(
        const u8_t * const identity,
        const u32_t identity_length,
        const u8_t * const at_character);

    /**
     * This function traces the EAP packet. This is for trace purposes only.
     */
    EAP_FUNC_IMPORT void packet_trace(
        eap_const_string prefix,
        const eap_am_network_id_c * const receive_network_id,
        eap_header_wr_c * const received_eap,
        const u32_t eap_packet_length);

    /**
     * This function returns m_master_session_key.
     */
    eap_master_session_key_c * get_master_session_key();

    /**
     * This function finishes the successful authentication.
     * Generated keys are offered to lower layer.
     * Connection handle is initialised.
     * The three flags select the PEAP-version-specific acknowledge behaviour
     * (see m_use_tppd_tls_peap and m_use_tppd_peapv1_acknowledge_hack).
     */
    EAP_FUNC_IMPORT eap_status_e finish_successful_authentication(
        const bool send_tppd_peapv1_empty_acknowledge,
        const bool do_quiet_finish,
        const bool do_send_empty_acknowledge);

    /**
     * This function sends a notification of possible failed authentication
     * to lower layer.
     */
    EAP_FUNC_IMPORT eap_status_e send_final_notification();


    /**
     * This function returns the state of this authentication session.
     */
    EAP_FUNC_IMPORT eap_type_tls_peap_state_variable_e get_state() const;

    /**
     * This function sets the new state and notifies the lower layer of this change.
     */
    EAP_FUNC_IMPORT void set_state(const eap_type_tls_peap_state_variable_e state);

    /**
     * This function saves the current m_state to m_saved_previous_state.
     * The saved state is restored in error case.
     */
    EAP_FUNC_IMPORT void save_current_state();

    /**
     * This function restores the saved state.
     */
    EAP_FUNC_IMPORT void restore_saved_previous_state();


    /**
     * This function returns the state of reassembly.
     */
    EAP_FUNC_IMPORT eap_type_tls_peap_reassembly_state_e get_reassembly_state() const;

    /**
     * This function sets the new reassembly state.
     */
    EAP_FUNC_IMPORT void set_reassembly_state(const eap_type_tls_peap_reassembly_state_e state);

    /**
     * This function saves the current m_reassembly_state to m_saved_previous_reassembly_state.
     * The saved state is restored in error case.
     */
    EAP_FUNC_IMPORT void save_current_reassembly_state();

    /**
     * This function restores the saved reassembly state.
     */
    EAP_FUNC_IMPORT void restore_saved_reassembly_state();


    /**
     * This function returns the send network identity of this session.
     */
    EAP_FUNC_IMPORT eap_am_network_id_c * get_send_network_id();

    /**
     * This function stores the last EAP-Identifier.
     */
    EAP_FUNC_IMPORT void set_last_eap_identifier(const u8_t last_eap_identifier);

    /**
     * This function returns the last stored EAP-Identifier.
     */
    EAP_FUNC_IMPORT u8_t get_last_eap_identifier() const;

    /**
     * This function checks the EAP-Identifier of a received EAP header.
     * Presumably it is compared against m_last_eap_identifier following the
     * client/server rule documented on that member; confirm in the .cpp.
     */
    eap_status_e check_received_eap_identifier(
        const eap_header_wr_c * const eap_header);


    /**
     * This function returns string of the current state. This is for trace purposes.
     */
    EAP_FUNC_IMPORT eap_const_string get_state_string() const;

    /**
     * This function returns string of the saved previous state. This is for trace purposes.
     */
    EAP_FUNC_IMPORT eap_const_string get_saved_previous_state_string() const;

    /**
     * This function returns string of the current reassembly state. This is for trace purposes.
     */
    EAP_FUNC_IMPORT eap_const_string get_reassembly_state_string() const;


    /**
     * This function sets the m_failure_message_received flag true.
     */
    EAP_FUNC_IMPORT void set_failure_message_received();

    /**
     * This function sets the m_failure_message_received flag false.
     */
    EAP_FUNC_IMPORT void unset_failure_message_received();

    /**
     * This function returns the m_failure_message_received flag.
     */
    EAP_FUNC_IMPORT bool get_failure_message_received() const;

    /**
     * This function sends an empty EAP-packet (an acknowledge).
     */
    EAP_FUNC_IMPORT eap_status_e send_empty_eap_ack();

    /**
     * This function sends EAP-TLS/PEAP start message.
     */
    EAP_FUNC_IMPORT eap_status_e send_tls_peap_start_message(
        const u8_t next_eap_identifier, ///< This is EAP-Identifier of next EAP packet.
        const eap_variable_data_c * const authority_identity_payload
        );

    /**
     * This function starts EAP-TLS/PEAP after a start message is received.
     */
    EAP_FUNC_IMPORT eap_status_e start_tls_peap_authentication(
        const eap_variable_data_c * const received_authority_identity_payload
        );

    /**
     * This function extracts the TLS-record message from m_tls_message_buffer and forwards it to tls_base_record_c object.
     */
    EAP_FUNC_IMPORT eap_status_e tls_message_process(
        const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
        eap_tls_peap_header_c * const received_tls_peap, ///< This is pointer to EAP header including EAP-TLS/PEAP fields.
        const u32_t tls_peap_packet_length ///< This is length of received TLS/PEAP EAP packet.
        );

    /**
     * This function sends the next EAP-TLS/PEAP fragment from m_tls_message_buffer,
     * starting at m_tls_message_send_offset.
     */
    EAP_FUNC_IMPORT eap_status_e eap_tls_peap_fragment_send();

    /**
     * This function creates a random EAP identity into local_identity.
     * Presumably used when the real identity must not be sent in the clear
     * (see m_tls_use_identity_privacy); confirm in the .cpp.
     */
    EAP_FUNC_IMPORT eap_status_e create_random_eap_identity(
        eap_variable_data_c * const local_identity);

    /**
     * This function creates an EAP-FAST identity into mac_identity.
     * Presumably derived from the MAC address in send_network_id; confirm in the .cpp.
     */
    EAP_FUNC_IMPORT eap_status_e create_eap_fast_mac_identity(
        const eap_am_network_id_c * const send_network_id,
        eap_variable_data_c * const mac_identity);

    /**
     * This function builds the identity used in EAP-Identity.
     * Presumably the identity is taken from user_certificate_identity unless the
     * use_manual_username / use_manual_realm flags select the manual values; confirm in the .cpp.
     * See also complete_eap_identity_query().
     */
    EAP_FUNC_IMPORT eap_status_e handle_eap_identity_query(
        const eap_variable_data_c * const user_certificate_identity,
        const eap_am_network_id_c * const receive_network_id,
        const u8_t eap_identifier,
        const bool use_manual_username,
        const eap_variable_data_c * const manual_username,
        const bool use_manual_realm,
        const eap_variable_data_c * const manual_realm
        );

    /**
     * This function returns the TLS session type (presumably m_tls_session_type).
     */
    EAP_FUNC_IMPORT tls_session_type_e get_tls_session_type();

    //--------------------------------------------------
protected:
    //--------------------------------------------------

    //--------------------------------------------------
public:
    //--------------------------------------------------

    /**
     * Destructor cancels all timers and deletes member attributes.
     * Which of m_am_type_tls_peap and m_tls_record are deleted presumably depends on
     * m_free_am_type_tls_peap and m_free_tls_record; confirm in the .cpp.
     */
    EAP_FUNC_IMPORT virtual ~eap_type_tls_peap_c();

    /**
     * Constructor initializes all member attributes.
     */
    EAP_FUNC_IMPORT eap_type_tls_peap_c(
        abs_eap_am_tools_c * const tools, ///< This is pointer to the tools AM of current platform.
        abs_eap_base_type_c * const partner, ///< This is back pointer to object which created this object.
        eap_am_type_tls_peap_c * const am_type_tls_peap, ///< This is pointer to adaptation module of TLS/PEAP EAP type.
        const bool free_am_type_tls_peap, ///< True when this object takes ownership of am_type_tls_peap (stored in m_free_am_type_tls_peap).
        tls_base_record_c * const tls_record, ///< This is pointer to TLS implementation.
        const bool free_tls_record, ///< True when this object takes ownership of tls_record (stored in m_free_tls_record).
        const bool is_client_when_true, ///< Indicates whether this is client (true) or server (false).
        const eap_type_value_e current_eap_type, ///< This is the current EAP-type (TLS or PEAP).
        const eap_am_network_id_c * const receive_network_id ///< The network id used for this session.
        );

    /**
     * This function returns the string name of the given reassembly state. This is for trace purposes.
     */
    EAP_FUNC_IMPORT static eap_const_string get_reassembly_state_string(eap_type_tls_peap_reassembly_state_e state);

    /**
     * This function returns the string name of the given state. This is for trace purposes.
     */
    EAP_FUNC_IMPORT static eap_const_string get_state_string(eap_type_tls_peap_state_variable_e state);


    /**
     * This function tells if the object is a client or a server.
     */
    EAP_FUNC_IMPORT bool get_is_client();

    // This is commented in abs_eap_am_type_tls_peap_c::complete_eap_identity_query().
    // completion_status reports the outcome of the identity query; the other arguments
    // match handle_eap_identity_query().
    EAP_FUNC_IMPORT eap_status_e complete_eap_identity_query(
        const eap_variable_data_c * const user_certificate_identity,
        const eap_am_network_id_c * const receive_network_id,
        const u8_t eap_identifier,
        const eap_status_e completion_status,
        const bool use_manual_username,
        const eap_variable_data_c * const manual_username,
        const bool use_manual_realm,
        const eap_variable_data_c * const manual_realm
        );

    /**
     * The partner class calls this function when EAP/TLS/PEAP packet is received.
     * This is the entry point for packets from the network.
     * see also eap_base_type_c::packet_process().
     */
    EAP_FUNC_IMPORT eap_status_e packet_process(
        const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
        eap_header_wr_c * const eap, ///< This is pointer to EAP header and data.
        const u32_t eap_packet_length ///< This is length of received EAP packet.
        );

    /**
     * This function processes the EAP-Response/Identity.
     */
    EAP_FUNC_IMPORT eap_status_e eap_identity_response_packet_process(
        const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
        eap_header_wr_c * const received_eap, ///< This is pointer to EAP header and data.
        const u32_t eap_packet_length ///< This is length of received EAP packet.
        );

    /**
     * This function processes the TLS/PEAP packets.
     */
    EAP_FUNC_IMPORT eap_status_e tls_peap_packet_process(
        const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
        eap_tls_peap_header_c * const received_tls_peap, ///< This is pointer to EAP header including EAP-TLS/PEAP fields.
        const u32_t tls_peap_packet_length ///< This is length of received TLS/PEAP EAP packet.
        );

    // This is presumably commented in abs_eap_base_timer_c::timer_expired()
    // (the original note pointed at timer_delete_data()).
    EAP_FUNC_IMPORT eap_status_e timer_expired(
        const u32_t id, void *data
        );

    // This is commented in abs_eap_base_timer_c::timer_delete_data().
    EAP_FUNC_IMPORT eap_status_e timer_delete_data(
        const u32_t id, void *data
        );

    // This is commented in eap_base_type_c::set_is_valid().
    EAP_FUNC_IMPORT void set_is_valid();

    // This is commented in eap_base_type_c::get_is_valid().
    EAP_FUNC_IMPORT bool get_is_valid();

    // This is commented in eap_base_type_c::configure().
    EAP_FUNC_IMPORT eap_status_e configure();

    // This is commented in eap_base_type_c::shutdown().
    // Sets m_shutdown_was_called; see that member.
    EAP_FUNC_IMPORT eap_status_e shutdown();

    // This is commented in eap_base_type_c::query_eap_identity().
    EAP_FUNC_IMPORT eap_status_e query_eap_identity(
        const bool must_be_synchronous,
        eap_variable_data_c * const identity,
        const eap_am_network_id_c * const receive_network_id,
        const u8_t eap_identifier);

    // This is presumably commented in eap_base_type_c::set_initial_eap_identifier()
    // (the original note pointed at query_eap_identity()).
    EAP_FUNC_IMPORT eap_status_e set_initial_eap_identifier(
        const eap_am_network_id_c * const receive_network_id,
        const u8_t initial_identifier);

    // This is commented in eap_base_type_c::eap_acknowledge().
    EAP_FUNC_IMPORT eap_status_e eap_acknowledge(
        const eap_am_network_id_c * const receive_network_id);

    /**
     * This function must reset the state of object to same as
     * state was after the configure() function call.
     * If object reset succeeds this function must return eap_status_ok.
     * If object reset fails this function must return corresponding error status.
     * @return This function returns the status of reset operation.
     */
    EAP_FUNC_IMPORT eap_status_e reset();

    /**
     * This function stores the TLS master session key delivered by the TLS layer.
     * Presumably copied into m_master_session_key; confirm in the .cpp.
     */
    EAP_FUNC_IMPORT eap_status_e set_tls_master_secret(
        const eap_variable_data_c * const eap_tls_master_session_key);

    /// @see abs_tls_base_record_c::state_notification().
    EAP_FUNC_IMPORT void state_notification(
        const abs_eap_state_notification_c * const state
        );

    /// @see abs_tls_base_record_c::packet_send().
    /// includes_tls_handshake_message is recorded in m_includes_tls_handshake_message
    /// (see that member for why some PEAP versions need it).
    EAP_FUNC_IMPORT eap_status_e tls_peap_packet_send(
        eap_buf_chain_wr_c * const sent_packet,
        const u32_t header_offset,
        const u32_t data_length,
        const u32_t buffer_length,
        const bool includes_tls_handshake_message);

    /// @see abs_tls_base_record_c::packet_send().
    EAP_FUNC_IMPORT eap_status_e packet_send(
        const eap_am_network_id_c * const network_id,
        eap_buf_chain_wr_c * const sent_packet,
        const u32_t header_offset,
        const u32_t data_length,
        const u32_t buffer_length);

    /// @see abs_tls_base_record_c::get_header_offset().
    EAP_FUNC_IMPORT u32_t get_header_offset(
        u32_t * const MTU,
        u32_t * const trailer_length
        );

    /// @see abs_tls_base_record_c::restart_authentication().
    EAP_FUNC_IMPORT eap_status_e restart_authentication(
        const eap_am_network_id_c * const receive_network_id,
        const bool is_client_when_true,
        const bool force_clean_restart,
        const bool from_timer);

    /// @see abs_tls_base_record_c::read_configure().
    EAP_FUNC_IMPORT virtual eap_status_e read_configure(
        const eap_configuration_field_c * const field,
        eap_variable_data_c * const data
        );

    /// @see abs_tls_base_record_c::write_configure().
    EAP_FUNC_IMPORT virtual eap_status_e write_configure(
        const eap_configuration_field_c * const field,
        eap_variable_data_c * const data
        );

    /// @see abs_tls_base_record_c::set_timer().
    EAP_FUNC_IMPORT eap_status_e set_timer(
        abs_eap_base_timer_c * const p_initializer,
        const u32_t p_id,
        void * const p_data,
        const u32_t p_time_ms);

    /// @see abs_tls_base_record_c::cancel_timer().
    EAP_FUNC_IMPORT eap_status_e cancel_timer(
        abs_eap_base_timer_c * const p_initializer,
        const u32_t p_id);

    /// @see abs_tls_base_record_c::cancel_all_timers().
    EAP_FUNC_IMPORT eap_status_e cancel_all_timers();

    /// @see abs_tls_base_record_c::load_module().
    /// The unnamed second parameter (tunneling type) is accepted but unused here.
    EAP_FUNC_IMPORT eap_status_e load_module(
        const eap_type_value_e type,
        const eap_type_value_e /* tunneling_type */,
        abs_eap_base_type_c * const partner,
        eap_base_type_c ** const eap_type,
        const bool is_client_when_true,
        const eap_am_network_id_c * const receive_network_id);

    /// @see abs_tls_base_record_c::unload_module().
    EAP_FUNC_IMPORT eap_status_e unload_module(const eap_type_value_e type);

    /// @see abs_tls_base_record_c::packet_data_crypto_keys().
    /// Delivers the master session key from the tunneled layer; key material, not to be traced.
    EAP_FUNC_IMPORT eap_status_e packet_data_crypto_keys(
        const eap_am_network_id_c * const send_network_id,
        const eap_master_session_key_c * const master_session_key);

    /// @see abs_tls_base_record_c::check_is_valid_eap_type().
    EAP_FUNC_IMPORT eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type);

    /// @see abs_tls_base_record_c::get_eap_type_list().
    EAP_FUNC_IMPORT eap_status_e get_eap_type_list(
        eap_array_c<eap_type_value_e> * const eap_type_list);

    /// @see abs_tls_base_record_c::set_session_timeout().
    EAP_FUNC_IMPORT eap_status_e set_session_timeout(
        const u32_t session_timeout_ms);

    /// This function passes a list of rogue access point entries on; presumably forwarded
    /// to the lower layer. Confirm in the .cpp.
    EAP_FUNC_IMPORT eap_status_e add_rogue_ap(eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list);

    /// This function is called when the PEAP tunnel is ready for tunneled EAP; presumably
    /// sets m_tunneled_eap_type_active. Confirm in the .cpp.
    EAP_FUNC_IMPORT eap_status_e peap_tunnel_ready();

    /// This function stores the TLS session type (see m_tls_session_type).
    EAP_FUNC_IMPORT eap_status_e set_tls_session_type(const tls_session_type_e tls_session_type);

    //--------------------------------------------------
}; // class eap_type_tls_peap_c
|
814 |
|
815 #endif //#if !defined(_EAP_TYPE_TLS_PEAP_H_) |
|
816 |
|
817 //-------------------------------------------------- |
|
818 |
|
819 |
|
820 |
|
821 // End. |